Liran Tal
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com
🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
Reposted by Liran Tal
Liran Tal
@lirantal.com
· 1d
The case against secrets in .env files
Most developers rely on .env files to store secrets like API keys, database passwords, and tokens. But what if I told you this common practice can leave you wide open to attacks? In this video, I break down why storing secrets in a .env file is dangerous, how attackers can exploit it, and what safer alternatives you should be using instead.

Use Snyk for free to find and fix security issues in your applications today! https://snyk.co/ugLYn

✍️ Resources ✍️
- Jira MCP Hijack Post: https://x.com/mbrg0/status/1953932780855013682
- Crypto Extension Hack Post: https://x.com/0xzak/status/1955265807807545763
- Weaponizing AI Coding Agents Post: https://snyk.co/ujcke
- Shai-Hulud Supply Chain Attack Post: https://snyk.co/ujckf
- Compromised Open Source Maintainer Post: https://snyk.co/ujckg

⏲️ Chapters ⏲️
00:00 - Intro
01:03 - Why .env files are bad
01:56 - Safer alternatives
02:39 - Doppler demo
04:56 - How this works
07:16 - 1Password demo
10:00 - Why this is good
10:28 -...
www.youtube.com
Liran Tal
@lirantal.com
· 2d
Advanced Context Engineering for Agents
Dexter Horthy, founder of Human Layer, shares what his team has learned about scaling coding agents in real-world software projects. He walks through why naive back-and-forth prompting fails, how spec-first development keeps teams aligned, and why “everything is context engineering.” From compaction strategies to subagents and planning workflows, he shows how intentional context management turns AI coding from prototypes into production.

Chapters:
00:09 - The Origin of Context Engineering
00:46 - Key Talks and Insights from AI Engineering
01:45 - Challenges with AI in Complex Systems
03:12 - The Shift to Spec-First Development
04:03 - Advanced Context Engineering for Coding Agents
04:48 - Intentional Compassion in Context Management
05:45 - Optimizing Context Utilization
07:27 - The Role of Subagents in Context Control
08:48 - Frequent Intentional Compaction
11:00 - Practical Implementation and Workflow
11:12 - Case Study: Fixing a Rust Code Base
11:59 - Insights on Effective Coding Practices
12:44...
www.youtube.com
Liran Tal
@lirantal.com
· 3d
A Beginner's Guide to Visually Understanding MCP Architecture | Snyk
A beginner's guide to understanding Model Context Protocol (MCP) architecture visually. Explore MCP Hosts, Clients, Servers, transport types, and how MCP extends LLMs beyond function calling & REST APIs.
snyk.io
Liran Tal
@lirantal.com
· 4d
Liran Tal
@lirantal.com
· 4d
Mitigate Supply Chain Security with DevContainers and 1Password for Node.js Local Development
How to set up an isolated Node.js local development environment with VS Code DevContainers and 1Password to keep secrets out of your filesystem and avoid supply chain security incidents like shai-hulud, qix maintainer compromise and others.
www.nodejs-security.com